The state of the art is replete with mechanisms for authenticating the identity of an individual using biometric credentials.
For instance, Chainer (U.S. Pat. No. 6,957,337) teaches a method for authenticating a user using one or more biometrics. The method begins with a received biometric being compared against a stored biometric. If the received biometric does not match a stored biometric, the user is prompted to provide another biometric which, in turn, is compared against a stored biometric. The method repeats until a received biometric matches a stored biometric, whereupon the user is authenticated.
Maskatiya (U.S. Pat. No. 6,758,394) teaches a method for authorizing a customer to perform transactions with a self-service device. The method involves extracting a first biometric set of text data from a verification instrument, and extracting a second biometric set directly from the customer. The biometric sets are then compared to determine whether they are derived from the same individual.
Hoffman (U.S. Pat. No. 6,594,376) teaches a method for tokenless authorization of a commercial transaction, that begins with the buyer accepting a seller's offer by providing the buyer's personal identification number (PIN) and at least one biometric sample to a computer server. The computer system uses the PIN to locate a previously-provided biometric, and then compares the received biometric with the previously-provided biometric. The computer system then authorizes the transaction based on the result of the comparison.
Hoffman (U.S. Pat. No. 6,920,435) teaches a method for tokenless authorization of an electronic transaction, that begins with the computer system comparing a received biometric with a previously-provided biometric. If the received biometric matches the previously-provided biometric, a transaction processor is selected for completion of the transaction. A stored audio signature associated with the transaction processor is then sent to the user to thereby identify the transaction processor that conducted the electronic transaction.
Kramer (U.S. Pat. No. 6,934,849) teaches a method for authorizing a commercial transaction that begins with the service provider establishing a telephone link with an authorization provider. If the telephone link has been previously authorized, the service provider accepts the link, and then requests the customer to provide an identifier and a biometric sample over the link. The authorization provider authorizes the transaction if the correspondence between the biometric sample and a stored biometric exceeds a threshold value.
Gudorf (US 2002/0133708) teaches a method for authenticating an e-commerce transaction that involves receiving from a user a transaction request, and personal information associated with the user. The personal information includes a biometric, and an address to which a permission request can be sent. The permission request includes a request for permission to provide additional information to the user. Upon verification of the personal information, the permission request is issued to the user at the specified address. The additional information is delivered to the user if the user grants permission in response to the permission request.
In each of these proposed solutions, the authentication of the user is determined by a comparison of a biometric sample with a previously-supplied biometric. As a result, the solutions are prone to fraud to the extent that the credentials can be duplicated by unscrupulous parties.
Further, the solutions rely heavily on the ability of the computer system to match a biometric sample with a saved biometric. As a result, the outcome of the match is limited by the consistency by which the user can duplicate the saved biometric.